As a patient moves down the small, loud tunnel of an MRI tube, CT scan, or other high-powered radiology device, it’s safe to assume they believe the diagnostic benefits outweigh the risk of radiation exposure (and a possible claustrophobic-induced panic attack). In fact, only after understanding – and accepting -- these risks is a patient permitted to proceed with the test. But, what additional risks could you be exposing yourself to while using a diagnostic imaging device? According to a new project being spearheaded by the National Cybersecurity Center of Excellence (NCCoE) Healthcare Sector Community of Interest, cybersecurity is now considered a significant risk associated with medical imaging that must be better understood and addressed by the healthcare sector. NCCoE has recently decided to help the sector tackle this challenge via collaboration with a select group of cybersecurity vendors. That said, I am proud to announce that NCCoE has named Tripwire, among a handful of other security vendors, as co-collaborators that will develop an example solution for securing the medical imaging device ecosystem known as Picture Archiving and Communication Systems (PACS). Otherwise defined by the FDA as Class II devices that provide “one or more capabilities relating to the acceptance, transfer, display, storage, and digital processing of medical images,” PACS provide diagnostic results that determine a patient’s next course of treatment and is one of several networked ecosystems critical to efficient doctor-patient workflow management within a Healthcare Delivery Organization (HDO). The final outcome of the group’s collaboration will be delivered in the form of a multi-volume NIST Cybersecurity Practice Guide intended to “…help healthcare sector organizations implement more-secure PACS solutions through the use of stronger security controls.” Tripwire products within these solutions will play a vital role in demonstrating how organizations can reduce the likelihood of a breach, minimize hospital and medical system disruptions, and protect patient privacy. NIST standards and security controls have always been foundational to Tripwire products and solutions, so offering our support to NCCoE on this and similar collaborative projects was an easy decision and natural fit. We are grateful for the opportunity to further our partnership with the National Cybersecurity Center of Excellence (NCCoE) in this ongoing effort to demonstrate how to apply standards and best practices to real-world solutions. To learn more about the PACS project for the Healthcare Sector, download the project description at: https://www.nccoe.nist.gov/sites/default/files/library/project-descriptions/hit-pacs-project-description-final.pdf Author note: NIST does not evaluate commercial products under this Consortium and does not endorse any product or service used.
